Closed mskenderian-wps closed 5 years ago
Hmm, it does sound dangerous. Currently the env:edit
command drops you into vi (or whatever EDITOR
you have configured) specifically so that the decrypted contents never reside plaintext on disk. The goal has been to only ever have the current environment decrypted on disk.
Plus I'm not sure I see the benefit. After decrypting all you still have to then edit each file one by one, and then re-encrypt all.
Not sure if I want to add this in the package itself.
It was for the sake of rotating keys.. Decrypt. Change AWS env values to new key. Encypt.
On Tue, Jul 30, 2019 at 1:55 PM Joseph Szobody notifications@github.com wrote:
Hmm, it does sound dangerous. Currently the env:edit command drops you into vi (or whatever EDITOR you have configured) specifically so that the decrypted contents never reside plaintext on disk. The goal has been to only ever have the current environment decrypted on disk.
Plus I'm not sure I see the benefit. After decrypting all you still have to then edit each file one by one, and then re-encrypt all.
Not sure if I want to add this in the package itself.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/stechstudio/laravel-env-security/issues/6?email_source=notifications&email_token=AHDL3ISXWSIHBLXVHTHDPZTQCCTCLA5CNFSM4IHZ2SC2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3FJCYY#issuecomment-516591971, or mute the thread https://github.com/notifications/unsubscribe-auth/AHDL3IRCIJXFHRXFYYTWUNDQCCTCLANCNFSM4IHZ2SCQ .
-- -Michael Skenderian
It would be great to have a simpler process for key rotation, for sure.
Perhaps something like php artisan env:rotate KEY_NAME
where it then prompts for the old and new value, and then goes through each env file and updates? That could be quite useful, and would still avoid decrypting all files and leaving them plaintext on disk.
I'll write up a separate issue for that, and would welcome feedback. I don't have a lot of time to work on that right now but would happily look at a PR if you wanted to. Going to close this one though.
yes i like that idea.
On Wed, Jul 31, 2019 at 8:18 AM Joseph Szobody notifications@github.com wrote:
Closed #6 https://github.com/stechstudio/laravel-env-security/issues/6.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/stechstudio/laravel-env-security/issues/6?email_source=notifications&email_token=AHDL3IWMT4SB3EYWPALGKXTQCGULXA5CNFSM4IHZ2SC2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOSZVRIKY#event-2523599915, or mute the thread https://github.com/notifications/unsubscribe-auth/AHDL3IWHAXIEI7A2NOJ5OPTQCGULXANCNFSM4IHZ2SCQ .
-- -Michael Skenderian
If I need to rotate keys. I have to edit them one by one.
‘artisan env:decrypt —all’ Will decrypt all files and name them .env.environment
Encrypt will do the reverse.
Decrypt —all can be dangerous... Also display warning to add the newly created files to .gitignore.